@RISK Newsletter for March 12, 2015

The consensus security vulnerability alert.

Vol. 15, Num. 10

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.

CONTENTS:

TOP VULNERABILITY THIS WEEK: Microsoft Patch Tuesday for March 2015: 14 Bulletins Released

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched
Description: Microsoft has released their monthly set of advisories to address security defects within their products. Fourteen bulletins were released. Five are rated critical and nine are rated important. Additionally, the FREAK vulnerability has also been patched in this month’s set of patches.
Reference: https://technet.microsoft.com/library/security/ms15-mar
Snort SID: 21232, 33287-33288, 33705-33739, 33741-33744, 33760-33811

Title: Apple Releases Security Updates for OS X, iOS, and Other Apps.
Description: Apple has released security updates for OS X, iOS, Apple TV, and Xcode. These updates include patches for the FREAK vulnerability and an iCloud keychain vulnerability that could allow remote code execution within iOS and OS X. Other information disclosure and remote code execution vulnerabilities were also resolved with this round of updates.
Reference: https://support.apple.com/en-us/HT1222
Snort SID: Detection pending

Title: Xen Project Releases Security Advisories
Description: The Xen Product Security Team has released security advisories for Xen Hypervisor. These advisories address vulnerabilities that could allow hypervisor memory corruption due to a flaw within the x86 emulator, as well as information disclosure flaws.
Reference: http://xenbits.xen.org/xsa/

RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.

ID: CVE-2015-0310
Title: Adobe Flash Player Memory Address Randomization Design Error Security Bypass Vulnerability
Vendor: Adobe
Description: Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

ID: CVE-2014-6271
Title: Multiple Vendor Bash Remote Code Execution Vulnerability
Vendor: Multiple Vendors
Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka “ShellShock.” NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

MOST PREVALENT MALWARE FILES 2015-03-03 - 2015-03-10 COMPILED BY TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP